Our colleagues have reminded us that on March 1, 2012, the contract grandfathering provisions of the Massachusetts Data Security Law and Regulations will expire:
As we previously noted in our Foley Adviser dated February 3, 2010, “New Massachusetts Data Security Law and Regulations-Comprehensive Information Security Plan required before March 1, 2010”, under the regulations, an investment adviser must require third-party service providers by contract to implement and maintain appropriate security measures for personal information. There currently is a grandfather provision that deems any contract with a service provider entered into before March 1, 2010 to be in compliance even if it makes no reference to data protection.
The grandfather provision expires on March 1, 2012, so any contract regardless of when signed must be brought into compliance by March 1, 2012. You should take steps to ensure that your third party service provider contracts are now in compliance.